Current File : /home/admin/public_html/old/happyezystyle/board/Sources/SendTopic.php
<?php
/**********************************************************************************
* SendTopic.php *
***********************************************************************************
* SMF: Simple Machines Forum *
* Open-Source Project Inspired by Zef Hemel (zef@zefhemel.com) *
* =============================================================================== *
* Software Version: SMF 2.0 RC1 *
* Software by: Simple Machines (http://www.simplemachines.org) *
* Copyright 2006-2009 by: Simple Machines LLC (http://www.simplemachines.org) *
* 2001-2006 by: Lewis Media (http://www.lewismedia.com) *
* Support, News, Updates at: http://www.simplemachines.org *
***********************************************************************************
* This program is free software; you may redistribute it and/or modify it under *
* the terms of the provided license as published by Simple Machines LLC. *
* *
* This program is distributed in the hope that it is and will be useful, but *
* WITHOUT ANY WARRANTIES; without even any implied warranty of MERCHANTABILITY *
* or FITNESS FOR A PARTICULAR PURPOSE. *
* *
* See the "license.txt" file for details of the Simple Machines license. *
* The latest version can always be found at http://www.simplemachines.org. *
**********************************************************************************/
if (!defined('SMF'))
die('Hacking attempt...');
/* The functions in this file deal with sending topics to a friend or
moderator, and those functions are:
void SendTopic()
- sends information about a topic to a friend.
- uses the SendTopic template, with the main sub template.
- requires the send_topic permission.
- redirects back to the first page of the topic when done.
- is accessed via ?action=emailuser;sa=sendtopic.
void CustomEmail()
- send an email to the user - allow the sender to write the message.
- can either be passed a user ID as uid or a message id as msg.
- does not check permissions for a message ID as there is no information disclosed.
void ReportToModerator()
- gathers data from the user to report abuse to the moderator(s).
- uses the ReportToModerator template, main sub template.
- requires the report_any permission.
- uses ReportToModerator2() if post data was sent.
- accessed through ?action=reporttm.
void ReportToModerator2()
- sends off emails to all the moderators.
- sends to administrators and global moderators. (1 and 2)
- called by ReportToModerator(), and thus has the same permission
and setting requirements as it does.
- accessed through ?action=reporttm when posting.
*/
// The main handling function for sending specialist (Or otherwise) emails to a user.
function EmailUser()
{
global $topic, $txt, $context, $scripturl, $sourcedir, $smcFunc;
// Don't index anything here.
$context['robot_no_index'] = true;
// Load the template.
loadTemplate('SendTopic');
$sub_actions = array(
'email' => 'CustomEmail',
'sendtopic' => 'SendTopic',
);
if (!isset($_GET['sa']) || !isset($sub_actions[$_GET['sa']]))
$_GET['sa'] = 'sendtopic';
$sub_actions[$_GET['sa']]();
}
// Send a topic to a friend.
function SendTopic()
{
global $topic, $txt, $context, $scripturl, $sourcedir, $smcFunc;
// Check permissions...
isAllowedTo('send_topic');
// We need at least a topic... go away if you don't have one.
if (empty($topic))
fatal_lang_error('not_a_topic', false);
// Get the topic's subject.
$request = $smcFunc['db_query']('', '
SELECT m.subject
FROM {db_prefix}topics AS t
INNER JOIN {db_prefix}messages AS m ON (m.id_msg = t.id_first_msg)
WHERE t.id_topic = {int:current_topic}
LIMIT 1',
array(
'current_topic' => $topic,
)
);
if ($smcFunc['db_num_rows']($request) == 0)
fatal_lang_error('not_a_topic', false);
$row = $smcFunc['db_fetch_assoc']($request);
$smcFunc['db_free_result']($request);
// Censor the subject....
censorText($row['subject']);
// Sending yet, or just getting prepped?
if (empty($_POST['send']))
{
$context['page_title'] = sprintf($txt['sendtopic_title'], $row['subject']);
$context['start'] = $_REQUEST['start'];
return;
}
// Actually send the message...
checkSession();
spamProtection('sendtopc');
// This is needed for sendmail().
require_once($sourcedir . '/Subs-Post.php');
// Trim the names..
$_POST['y_name'] = trim($_POST['y_name']);
$_POST['r_name'] = trim($_POST['r_name']);
// Make sure they aren't playing "let's use a fake email".
if ($_POST['y_name'] == '_' || !isset($_POST['y_name']) || $_POST['y_name'] == '')
fatal_lang_error('no_name', false);
if (!isset($_POST['y_email']) || $_POST['y_email'] == '')
fatal_lang_error('no_email', false);
if (preg_match('~^[0-9A-Za-z=_+\-/][0-9A-Za-z=_\'+\-/\.]*@[\w\-]+(\.[\w\-]+)*(\.[\w]{2,6})$~', $_POST['y_email']) == 0)
fatal_lang_error('email_invalid_character', false);
// The receiver should be valid to.
if ($_POST['r_name'] == '_' || !isset($_POST['r_name']) || $_POST['r_name'] == '')
fatal_lang_error('no_name', false);
if (!isset($_POST['r_email']) || $_POST['r_email'] == '')
fatal_lang_error('no_email', false);
if (preg_match('~^[0-9A-Za-z=_+\-/][0-9A-Za-z=_\'+\-/\.]*@[\w\-]+(\.[\w\-]+)*(\.[\w]{2,6})$~', $_POST['r_email']) == 0)
fatal_lang_error('email_invalid_character', false);
// Emails don't like entities...
$row['subject'] = un_htmlspecialchars($row['subject']);
$replacements = array(
'TOPICSUBJECT' => $row['subject'],
'SENDERNAME' => $_POST['y_name'],
'RECPNAME' => $_POST['r_name'],
'TOPICLINK' => $scripturl . '?topic=' . $topic . '.0',
);
$emailtemplate = 'send_topic';
if (!empty($_POST['comment']))
{
$emailtemplate .= '_comment';
$replacements['COMMENT'] = $_POST['comment'];
}
$emaildata = loadEmailTemplate($emailtemplate, $replacements);
// And off we go!
sendmail($_POST['r_email'], $emaildata['subject'], $emaildata['body'], $_POST['y_email']);
// Back to the topic!
redirectexit('topic=' . $topic . '.0');
}
// Allow a user to send an email.
function CustomEmail()
{
global $context, $modSettings, $user_info, $smcFunc, $txt, $scripturl, $sourcedir;
// Can the user even see this information?
if ($user_info['is_guest'] && !empty($modSettings['guest_hideContacts']))
fatal_lang_error('no_access', false);
// Are we sending to a user?
$context['form_hidden_vars'] = array();
if (isset($_REQUEST['uid']))
{
$request = $smcFunc['db_query']('', '
SELECT email_address AS email, real_name AS name, id_member, hide_email
FROM {db_prefix}members
WHERE id_member = {int:id_member}',
array(
'id_member' => (int) $_REQUEST['uid'],
)
);
$context['form_hidden_vars']['uid'] = (int) $_REQUEST['uid'];
}
elseif (isset($_REQUEST['msg']))
{
$request = $smcFunc['db_query']('', '
SELECT IFNULL(mem.email_address, m.poster_email) AS email, IFNULL(mem.real_name, m.poster_name) AS name, IFNULL(mem.id_member, 0) AS id_member, hide_email
FROM {db_prefix}messages AS m
LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = m.id_member)
WHERE m.id_msg = {int:id_msg}',
array(
'id_msg' => (int) $_REQUEST['msg'],
)
);
$context['form_hidden_vars']['msg'] = (int) $_REQUEST['msg'];
}
if (empty($request) || $smcFunc['db_num_rows']($request) == 0)
fatal_lang_error('cant_find_user_email');
$row = $smcFunc['db_fetch_assoc']($request);
$smcFunc['db_free_result']($request);
// Can they actually do this?
$context['show_email_address'] = showEmailAddress(!empty($row['hide_email']), $row['id_member']);
if ($context['show_email_address'] === 'no')
fatal_lang_error('no_access');
// Setup the context!
$context['recipient'] = array(
'id' => $row['id_member'],
'name' => $row['name'],
'email' => $row['email'],
'email_link' => ($context['show_email_address'] == 'yes_permission_override' ? '<em>' : '') . '<a href="mailto:' . $row['email'] . '">' . $row['email'] . '</a>' . ($context['show_email_address'] == 'yes_permission_override' ? '</em>' : ''),
'link' => $row['id_member'] ? '<a href="' . $scripturl . '?action=profile;u=' . $row['id_member'] . '">' . $row['name'] . '</a>' : $row['name'],
);
// Can we see this person's email address?
$context['can_view_receipient_email'] = $context['show_email_address'] == 'yes' || $context['show_email_address'] == 'yes_permission_override';
// Are we actually sending it?
if (isset($_POST['send']) && isset($_POST['email_body']))
{
require_once($sourcedir . '/Subs-Post.php');
checkSession();
// If it's a guest sort out their names.
if ($user_info['is_guest'])
{
if (empty($_POST['y_name']) || $_POST['y_name'] == '_' || trim($_POST['y_name']) == '')
fatal_lang_error('no_name', false);
if (empty($_POST['y_email']))
fatal_lang_error('no_email', false);
if (preg_match('~^[0-9A-Za-z=_+\-/][0-9A-Za-z=_\'+\-/\.]*@[\w\-]+(\.[\w\-]+)*(\.[\w]{2,6})$~', $_POST['y_email']) == 0)
fatal_lang_error('email_invalid_character', false);
$from_name = trim($_POST['y_name']);
$from_email = trim($_POST['y_email']);
}
else
{
$from_name = $user_info['name'];
$from_email = $user_info['email'];
}
// Check we have a body (etc).
if (trim($_POST['email_body']) == '' || trim($_POST['email_subject']) == '')
fatal_lang_error('email_missing_data');
// We use a template in case they want to customise!
$replacements = array(
'EMAILSUBJECT' => $_POST['email_subject'],
'EMAILBODY' => $_POST['email_body'],
'SENDERNAME' => $from_name,
'RECPNAME' => $context['recipient']['name'],
);
// Get the template and get out!
$emaildata = loadEmailTemplate('send_email', $replacements);
sendmail($context['recipient']['email'], $emaildata['subject'], $emaildata['body'], $from_email);
// Don't let them send too many!
spamProtection('sendmail');
// Now work out where to go!
if (isset($_REQUEST['uid']))
redirectexit('action=profile;u=' . (int) $_REQUEST['uid']);
elseif (isset($_REQUEST['msg']))
redirectexit('msg=' . (int) $_REQUEST['msg']);
else
redirectexit();
}
$context['sub_template'] = 'custom_email';
$context['page_title'] = $txt['send_email'];
}
// Report a post to the moderator... ask for a comment.
function ReportToModerator()
{
global $txt, $topic, $modSettings, $user_info, $context, $smcFunc;
$context['robot_no_index'] = true;
// You can't use this if it's off or you are not allowed to do it.
isAllowedTo('report_any');
// If they're posting, it should be processed by ReportToModerator2.
if (isset($_POST[$context['session_var']]) || isset($_POST['submit']))
ReportToModerator2();
// We need a message ID to check!
if (empty($_GET['msg']) && empty($_GET['mid']))
fatal_lang_error('no_access', false);
// For compatibility, accept mid, but we should be using msg. (not the flavor kind!)
$_GET['msg'] = empty($_GET['msg']) ? (int) $_GET['mid'] : (int) $_GET['msg'];
// Check the message's ID - don't want anyone reporting a post they can't even see!
$result = $smcFunc['db_query']('', '
SELECT m.id_msg, m.id_member, t.id_member_started
FROM {db_prefix}messages AS m
INNER JOIN {db_prefix}topics AS t ON (t.id_topic = {int:current_topic})
WHERE m.id_msg = {int:id_msg}
AND m.id_topic = {int:current_topic}
LIMIT 1',
array(
'current_topic' => $topic,
'id_msg' => $_GET['msg'],
)
);
if ($smcFunc['db_num_rows']($result) == 0)
fatal_lang_error('no_board');
list ($_GET['msg'], $member, $starter) = $smcFunc['db_fetch_row']($result);
$smcFunc['db_free_result']($result);
// Show the inputs for the comment, etc.
loadLanguage('Post');
loadTemplate('SendTopic');
// This is here so that the user could, in theory, be redirected back to the topic.
$context['start'] = $_REQUEST['start'];
$context['message_id'] = $_GET['msg'];
$context['page_title'] = $txt['report_to_mod'];
$context['sub_template'] = 'report';
}
// Send the emails.
function ReportToModerator2()
{
global $txt, $scripturl, $topic, $board, $user_info, $modSettings, $sourcedir, $language, $context, $smcFunc;
// Check their session... don't want them redirected here without their knowledge.
checkSession();
spamProtection('reporttm');
// You must have the proper permissions!
isAllowedTo('report_any');
require_once($sourcedir . '/Subs-Post.php');
// Get the basic topic information, and make sure they can see it.
$_POST['msg'] = (int) $_POST['msg'];
$request = $smcFunc['db_query']('', '
SELECT m.id_topic, m.id_board, m.subject, m.body, m.id_member AS id_poster, m.poster_name, mem.real_name
FROM {db_prefix}messages AS m
LEFT JOIN {db_prefix}members AS mem ON (m.id_member = mem.id_member)
WHERE m.id_msg = {int:id_msg}
AND m.id_topic = {int:current_topic}
LIMIT 1',
array(
'current_topic' => $topic,
'id_msg' => $_POST['msg'],
)
);
if ($smcFunc['db_num_rows']($request) == 0)
fatal_lang_error('no_board');
$message = $smcFunc['db_fetch_assoc']($request);
$smcFunc['db_free_result']($request);
$poster_name = un_htmlspecialchars($message['real_name']) . ($message['real_name'] != $message['poster_name'] ? ' (' . $message['poster_name'] . ')' : '');
$reporterName = un_htmlspecialchars($user_info['name']) . ($user_info['name'] != $user_info['username'] && $user_info['username'] != '' ? ' (' . $user_info['username'] . ')' : '');
$subject = un_htmlspecialchars($message['subject']);
// Get a list of members with the moderate_board permission.
require_once($sourcedir . '/Subs-Members.php');
$moderators = membersAllowedTo('moderate_board', $board);
$request = $smcFunc['db_query']('', '
SELECT id_member, email_address, lngfile, mod_prefs
FROM {db_prefix}members
WHERE id_member IN ({array_int:moderator_list})
AND notify_types != {int:notify_types}
ORDER BY lngfile',
array(
'moderator_list' => $moderators,
'notify_types' => 4,
)
);
// Check that moderators do exist!
if ($smcFunc['db_num_rows']($request) == 0)
fatal_lang_error('no_mods', false);
// If we get here, I believe we should make a record of this, for historical significance, yabber.
if (empty($modSettings['disable_log_report']))
{
$request2 = $smcFunc['db_query']('', '
SELECT id_report, ignore_all
FROM {db_prefix}log_reported
WHERE id_msg = {int:id_msg}
AND (closed = {int:not_closed} OR ignore_all = {int:ignored})
ORDER BY ignore_all DESC',
array(
'id_msg' => $_POST['msg'],
'not_closed' => 0,
'ignored' => 1,
)
);
if ($smcFunc['db_num_rows']($request2) != 0)
list ($id_report, $ignore) = $smcFunc['db_fetch_row']($request2);
$smcFunc['db_free_result']($request2);
// If we're just going to ignore these, then who gives a monkeys...
if (!empty($ignore))
redirectexit('board=' . $board . '.0');
// Already reported? My god, we could be dealing with a real rogue here...
if (!empty($id_report))
$smcFunc['db_query']('', '
UPDATE {db_prefix}log_reported
SET num_reports = num_reports + 1, time_updated = {int:current_time}
WHERE id_report = {int:id_report}',
array(
'current_time' => time(),
'id_report' => $id_report,
)
);
// Otherwise, we shall make one!
else
{
if (empty($message['real_name']))
$message['real_name'] = $message['poster_name'];
$smcFunc['db_insert']('',
'{db_prefix}log_reported',
array(
'id_msg' => 'int', 'id_topic' => 'int', 'id_board' => 'int', 'id_member' => 'int', 'membername' => 'string',
'subject' => 'string', 'body' => 'string', 'time_started' => 'int', 'time_updated' => 'int',
'num_reports' => 'int', 'closed' => 'int',
),
array(
$_POST['msg'], $message['id_topic'], $message['id_board'], $message['id_poster'], $message['real_name'],
$message['subject'], $message['body'] , time(), time(), 1, 0,
),
array('id_report')
);
$id_report = $smcFunc['db_insert_id']('{db_prefix}log_reported', 'id_report');
}
// Now just add our report...
if ($id_report)
{
$posterComment = strtr($smcFunc['htmlspecialchars']($_POST['comment']), array("\r" => '', "\n" => '', "\t" => ''));
$smcFunc['db_insert']('',
'{db_prefix}log_reported_comments',
array(
'id_report' => 'int', 'id_member' => 'int', 'membername' => 'string', 'comment' => 'string', 'time_sent' => 'int',
),
array(
$id_report, $user_info['id'], $user_info['name'], $posterComment, time(),
),
array('id_comment')
);
}
}
// Find out who the real moderators are - for mod preferences.
$request2 = $smcFunc['db_query']('', '
SELECT id_member
FROM {db_prefix}moderators
WHERE id_board = {int:current_board}',
array(
'current_board' => $board,
)
);
$real_mods = array();
while ($row = $smcFunc['db_fetch_assoc']($request2))
$real_mods[] = $row['id_member'];
$smcFunc['db_free_result']($request2);
// Send every moderator an email.
while ($row = $smcFunc['db_fetch_assoc']($request))
{
// Maybe they don't want to know?!
if (!empty($row['mod_prefs']))
{
list(,, $pref_binary) = explode('|', $row['mod_prefs']);
if (!($pref_binary & 1) && (!($pref_binary & 2) || !in_array($row['id_member'], $real_mods)))
continue;
}
$replacements = array(
'TOPICSUBJECT' => $subject,
'POSTERNAME' => $poster_name,
'REPORTERNAME' => $reporterName,
'TOPICLINK' => $scripturl . '?topic=' . $topic . '.msg' . $_POST['msg'] . '#msg' . $_POST['msg'],
'REPORTLINK' => !empty($id_report) ? $scripturl . '?action=moderate;area=reports;report=' . $id_report : '',
'COMMENT' => $_POST['comment'],
);
$emaildata = loadEmailTemplate('report_to_moderator', $replacements, empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile']);
// Send it to the moderator.
sendmail($row['email_address'], $emaildata['subject'], $emaildata['body'], $user_info['email'], null, false, 0);
}
$smcFunc['db_free_result']($request);
// Keep track of when the mod reports get updated, that way we know when we need to look again.
updateSettings(array('last_mod_report_action' => time()));
// Back to the board! (you probably don't want to see the post anymore..)
redirectexit('board=' . $board . '.0');
}
?>